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1 . A system of oompu&ig apparatus comprising: 

a computing platform having a first data processor and a first cteta storage 
means; 

a monitoring component having a second data processor and a second data 
storage means, wherein satei monitoring <£>rn£orieM te configured to perform a 
plurality of data ehecks on said oomputsn^ pt&Hbrrn; and 

a token device besng physically distinct and separable from said computing 
platform and said monitoring component 

wherein in one mode of opemt&n* said token device operates to make an 
integrity challenge to said rnonitonng component and said token device will not 
ur*dertake specific actions of whkto ft is c&pafcie unless it receives a saf*sfacto?y 
response to said integrity challenge. 

Z The system as claimed in claim 1, wherein said token device receives 
a defied response to said integnty chaftcnge, and processes sakJ infegnty response 
to interpret said integrity response. 

3. the system as claimed In claim 1. further comprising a ENrd party 
server, wherein a response to said integrity challenge is sent to satd third party 
server. 



4. The system as claims in claim & wherein said monitoring component 
senc^s a Rafted integrity response to a ifcird party server if requested to tfe so m said 
Integrity cfta#eo$?e. 
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.5* (Amended? The .system -as claimed in claim 3, wherein said 
monitoring component reports a detailed integrity response t<? 
said tofcan device and said token, device sends said integrity 
response to said third party server if it requires the third 
party server to h@l.p interpret said detailed. Integrity response. 

t Amended) The system «s claimed in el&i^ 3 r in which a 
third party server sixtfpliries said integrity responses to e form 
in which said token devic© can interpret s»id integrity 
response . 



7, (.Anveadod) The system as claimed i.n claim 6 ( wherein a cblrd 
party server sends a simplified integrity response to said token 
device. 

8, (Anwasidcd) system &3 claimed in claim ?, operating to- 
add a digital signature -da.es to said simplified integrity 
response, &&id digital signature authenticating said third party 
server 1 to said cokei* device- 

9. (Amended) The »ys?t©m as claimed in claim 1, wherein said 
nsoni coring component se*nds a detailed integrity response to & 
third party server. 

10. ( toisnded) This system as claimed its claim 1, in which said 
token device i& requested to take an action* 

.11. (Amended) Th^ system as claimed in. claim 1. in which said 
token device requests to take an action. 

12, (Amended) The system as claimed in claim 1 in which said 
token device sends image data to said computer platform it: a 
$4 id. satisfactory response to said integrity challenge is 
received, and said caii;put^r platform displays si* id image data.. 
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13, The system as claimed in da*ro 1 , wherein said monitpnng component 
ts capaitfe oimtabYmtimg an identity of itself. 

14.. The system as earned in claim t t further comprising an interface 
means for interfacing between s^id monitoring component and said token device, 



15. (tended) The- system as claimed in claim 1, wherein said 
system of. costing apparatus is configured such that said 
monitoring compoxienu reports said dates checks co said token 
device, data checks containing data, describing a states of 

s«id computer platform. 
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1-6. The system as claimed m claim 1, wherein a said specie action 
comprises authorising said computing platform to undertake a transaction on behalf 
of a user of said system. 

1 7, A system of computing apparatus comprising; 

a computiing platform having a first data processor and a first data storage 
means: 

a monitoring component having a second data processor and a second data 
storage means, wherein; said monitoring component is configured to perform a 
plurality of data checks on .sakJ computing platform; and 

3 token device being physically distinct ar*d separate from said computing 
platform and said monitoring component, 

wherein said token device sends an integrity challenge to said rnonitonng 
component; 

said monitofing component generates a response to said integrity challenge; 

if said token device receives a satisfactory response to said integrity challenge, 
then said token device sends verification data to said computer ptelfomi, said 
verification data verifying correct operation of said computer platform; and 

safci computer platform displays said vernation data on a visual display 
screen, 
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18. A computing entity comprising: 

a competing ptetform having 3 first data processor and first data storage 
means; 

a momtori^g component having a second data processor and second data 
storage means, whereto said moriitonng component is configured to perform a 



plurality of data checks on said computing pMomn, said monitoring component being 
capable of establishing an identity of itself . 

Interface m&ans for communicating with a token device said interface means 
communicating with said monltonng component, 

wherein sakS computing entity fs configured such that said monitoring 
component reports said data cfiecks to sakJ taken dsvfc©. said data checks 
containing data describing a status of said computer platform, 

19. The computing; entity as daimed to claim IS, wherein on 
communication between said token device and said foterfaoe means, said monitoring 
component ts activated to perform a monitoring operation on said computer pfatform^ 
in whksh said monitoring component obtains data describing an operating status of 
said computer platform. 

20. The computing entity as claimed tn claim 1& ( wherein s&td interface 
means is rodent substantially wholly within said monitoring component 

21. The computing entity as claimed in claim 18 K wherein said Interface 
means comprises said computer platform, 

22. The computing entity as claimed m ctesm 18, wherein- said interface 
means comprises a PCSC stacK In accordance with PCSG Workgroup PC/SC 
Specification 1,0, 
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23. The computing entity as claimed in cfefm ta« wherein said monitoring 
component comprises a verification means configured to obtain a certification data 
independently certifying said status data, and to provide said certification data to said 
anterfaoe means, 

24. The computing entity as claimed m c*a*m iB t wherein saW interface 
means is configured to send and rocraive data according to a pro-active protocol 

25. A method of obtaining verification o$ a state of a computer entity, said 
computer entity comprising a computer ptetform comprising a first data processor 
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and a first memory means* and a monitoring component comprising a second data 
processor and a second memory means, sakJ method comprising the steps of: 

receiving an interrogation request signal via an interface of said computing 

entity; 

said monitoring component performing a monitoring operation of said computer 
platform in response to a said received interrogation request signal and 

said monitoring component reporting a result message to sasd interface, said 
result message describing a result of said monitoring operation, 

26. A method m datmed in darm 25 t «i which said monitoring operation 
comprises the steps of; 

said rooratoring component carrying out one or a plurality of data checks on 
components of said computing platform; and 

&aid monitoring component being able to report a set of certified reference data 
together with safci data checks, 

27. The method as dammed in clafm 25, wherein said certified reference 
data incfudes a set of metrics to be expected when measuring particular components 
of said computing platform, and includes digital signature 6at^ identifying an entity 
thai certifies said reference data. 



28, The method as claimed in claim 25> wherein said step of reporting 
verification of sakl monitoring operation comprises sending a confirmation signal to a 
toke^ device said confirmation signal describing a result of said monitoring operation, 

29, Th$ method as daimed in claim 25, wfteresn said result message \$ 
transmitted by said Interface to a token device external of $a*d computing entity. 

30, The method as claimed in claim 25, comprising the step of reporting a 

re&uH of said monitoring operation by gonoratmg a visual display of confirmation 
data. 
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31. The method as claimed in claim 25, further comprising the step of 
adding a digital signature data to said result message, said digital signature data 
identifying said monitoring component; and 

transmitting; said result message and said digital signature data from said 
Interface. 

32. A method of obtaining verification of a state of a computer entity , said 
computer entity comprising g computer platform and a monitoring component, said 
method comprising the steps of: 

an; application requesting access to a functionality from a token device; 

in response to said request for access k> functionally sard token device 
generating a request ^gnal requesting a verification data from satd monitoring 
component; 

m response to said request for veriftcaiElon, sakJ monitoring component 
reporting a result message to said token device said result message- describing a 
result of a monitoring operation; 

by receipt of a satisfactory said resuR message, said token device offers said 
functionality to said application. 



33. The method as claimed in ctasm 32, wherein said monitoring 
component sends a detaited integrity response to a third party server if requested In 
an integrity challenge- toy -saM token device. 

34, The method as claimed in claim 32, wherein said monitoring 
component reports a detailed integrity response to said token device, and said token 
device sends said integrity response to a third party server if it requires the third party 
server to help interpret sasd detailed integrity response. 
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35. The method as claimed in claim 32, wherein a third party server 
simplifies said integrity response to a form; in which satd token device can interpret 
said integrity response, 

38. The method as claimed en claim 32, wherein a third party server sends 
a simplified integrity n&sponse to sakl tofcen device. 

37. The method as claimed in claim 32, iurther comprising ihe steps of: 

adding a digital signature data to a ssmpfiffed integrity response, said digital 
signature data authenticating a third party server to said token device, 

38, A method of checking an integrity of operation of a computing entity > 
said computing entity comprising a computer platform having a first processor means 
and first data storage means, and a monitonng component comprising a second 
processor and second memory means, by means of a token device, said token 
device comprising a third data processor and a third memory means, said method 
comprising the steps oh 

programming said token device to respond to a received poll signal from an 
application program, sakJ poll signal received from said computer platform; 

said lokm dovfce receiving a poll signal from said computer ptetfomrt; 

in response to said received pofl signal, said token device generating a signa! 
for requesting a verification operation by said monitoring component; and 

said monitoring component performing a verification operation of said computer 
platform in response to said received signal from said token device. 



Cancel Claims 39-40 
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41, (Amended.) The token devvLc;® as cl&inusd in claim <14. , Mid 
device beir;$ conxigur&d to be responsive to a poll signal 
opera ting in ac co r danc e wi th PC / SC spec i f i c a t i oft 1,-0, & a i d. & c>><en 
device being capable of initiating & cotfim&xid to handled by a 
software stack on the computer entity; in response to aaid poll 
aicmjl according no said poll signal according zo & proactive 
protocol . 



42. A method of verifying a status of a computing entfty, by mssn$ of a 
token device provided external of said computing entity, said method comprising the 
steps of: 

said token device receiving a pop signal; 

said token dgvies fe$pondin>g to said poll signal by providing a request for 
obtaining verification of a state of sate! computer ontity; and 

said token ctevic© receiving a result message, said result message describing 
the resuft of s&fd verification* 

43, A method by which a token dev&e can obtam verification of a state of 
a computing platform by using a monllomg. component, 

said monitoring component being capable of performing at feast one data 
check on saki computer p&tform, and establishing an identity of ilsetf „ and 
establishing a report of said at least one data check; and 

wberoin said token device has data processing capability and behaves in an 
expected manner; 
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said taken device being phy$icMy $ap#fa£>le from sajd compatog platform 
#nd $aW mentoring component, said token davios having cryptographic data 
processing capability 

wtserefn , said monitoring component proves its fden% to said token device 
and establishes & report to saki token device of at Least one data check performed on 
said computing platform, 

44, A token device comprising a data processor and a memory device, 
said token device configured to perform at least one data processing or -signaling 
function: 

wherein $0*4 token <&vfO§ 0£era&$ to: 

receive an integrity check data from an external source; 

if said Integrity check data supplied to said token device is satisfactory, then 
said token device allows a said function; and 

If said integrity check data received by said token device is unsatisfactory, then 
said toten device denies saild function. 
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45. <JTew> A systent a$ clairtw&d in claim 1, wherein said token 
device is a smart card.. 

46, i&ew) A systiem as claimed in claim IB , wherein said token 
davic© is a smart card, 

47 . (New) A taken, device ®s claimed i n claim 44 in the f orm of 
a smart card, 

48, i^ew) A cornputing system comprising : 

$ con^iJir.ing apparatus having a first data processor a firs v. 

memory ; 

a monitoring component;: having a second data processor arid a 
sscoaxl memory , wh@rei.ri saic! zncnitoring coupon ssnt iB con figured 
to per form a plura l.ity of data checks on sal. a computing 
appar at \) s ; and 



a portable user token being physically ai^tinot &&p&rabl& 
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gross said confuting apparatus and said monitoring component, 

wherein, in one raode of operafcioft, said portable user token 
operates to ro^ks* an integrity challenge to said monitoring 
component a.Dd said user- computing devie& will not undertake- 
specific actions of which it is capable unless a satisfactory 
response to said integrity challenge is- provided, 

49. C&$w) The s^y^tetn as? claimed in claim 48, wherein s&ia 
portable riser token receives a. det^i led response to said 
integrity challenge, and processes said integrity response to 
interpret said integrity response . 

50. {New} The system as claimed in claim 4«, in which said 
portable usej token, is requo&t#d to cake an action, 

51. (3S!^w} The ^y^tsm as cl&im&a in claim 4 3 in which said 
portable veer token requests to take an acti.cn, 

52. ^-ew) The syisc,£.m as. claimed in claim 48 > wherein said 
monitoring component is capable of establishing an identity of 
itsel f . 



53. (Nawj The system as clainwad in claim 48, further 
comprising token interface for interfacing between ssid 
iftonitoring eonapan&nt and said portable user token, 

54, {Ww} Tiv$ sysvt-.^ni as claimed in claim 48, wherein said 
computing system .is cou£i#u£«U such that: »aid :mon.i tor :Lw# 
coraponent reports said data checks to said tokea device, said 

(lata Checks containing daca describing a statue o£ said computer' 

apparatus .. 
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55. (Kew^ Th.es system as claimed in ciil&im 48, wherein, the 
monitoring component is mounted on -a common assembly with the 
first processor. 

56. (New* <?h® system as. claimed in el aim 48, wherein one or 
more of said data, checks comprise & ch^ck of the integrity of 
th* basic input /output software for one or more components of 
the computing apparatus . 

S? - (Wow) The sys tests as claimed in c lairs 48, wherein the 
pom able -user token, in ft siaart card. 

58, (New) The system as claimed in claim S3 f where! ti the 
portable user token is a smart card, and the token interface 
comprises a ssaa&rt card reader.. 



S9. A coraputing entity coinprislno;; 

a computing platform 'having a first data processor and a first 

a monitor inu component having & second data processor and a 
second :d^f.Yiory, wherein &;$i.d monitoring cornpon^nt is configured 
to p-erfoxrri a plurality of data checks on said computing 
platform, 

& communications interface for con^nunicatingf vdth a portable 
use* toksn, said conmmic&tionH inUr face having a contain icat ion 
path to the monitoring component:, 

wherein said computing entity is configured. such that said 
monitoring co^pon^nt is adapted to report said d&ta cji&eka to a 
portable user token connected to the cqasauni ea ui-o ti$ InL&r face. 
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said data, checks containing daca describing a .stafas of said 
computing platform. 

6D , C^ew? The computing entity as claimed in elaisr, 59, wherein 
on coismunicasiion between said portable uaer token and the 
cornrnuaicatioriK incerfa.ce, said monitoring component is activate 
co porforsn a monitoring operation on s&i-d. computer platform, in 
which said monitoring e opponent obtains data desctfihiftg an 
operating- status of s&id computer pl&tforia. 



61. {New) The computing entity ae claims in cl#lrs i>9, wherein 
the cataauaications interface is a smart card, reader, 
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